Reporting Templates

URL: https://pentest.ws/report-templates

Once that you have collected your set of Findings for the client, you need to build a client deliverable document with these details. The Reporting Module processes user-uploaded DOCX files with embedded {tags} to generate fully customized reporting documents with a single click.

Report Templates Admin

Start by downloading an Example Report Template (https://pentest.ws/docx/report_template.docx) and begin customizing your company name, logo and other needed details.

Upload your Report Template using the Report Templates Admin screen. From here, the template will be available for use in the Engagement's Reports tab. See Generating Deliverable for more details.

Template Syntax

The template syntax includes For loops, If statements, and Variables and HTML content from your Findings entries including embedded images like screenshots for evidence. Using the Client Manager you can add tags such as {= client.name} and {= client.shortName}, its just one less thing you need to fill out in the final report. Once the Reporting Module is finished processing, your browser downloads the new DOCX file where you can further customize the report as needed.

Fields List

For a full list of fields available in your report templates, visit:

https://gist.github.com/PenTestWS/c5d378e789e06e81a142495ea3823a52

Text Variables

{= engagement.name}

Simple text variables are referenced using the {= variable} format. You can also insert statements such as {= client.city + ", " + client.state + " " + client.zip}

Notice that with simple text variables, the dollar sign $ is not required to reference the variable, but other syntax statements requires the dollar sign $.

Rich Text / HTML

{HTML $finding.descFull}

Fields in the PenTest.WS user interface that use the rich text editor require the HTML format {HTML $variable} to reference the variable in the reporting template.

The HTML format is also capable of rending images you have inserted into the associated field.

IF Statements

{IF $finding.evidence != ""}
    
    Evidence:
    {HTML $finding.evidence}
    
{END-IF}

Conditional statements are supported through the {IF $variable = "value"} syntax. To end the if statement use {END-IF}.

FOR Loops

{FOR finding IN findings}
    Title: {= finding.title}
    Risk:  {= finding.riskLevel}
{END-FOR finding}

For loops allow you to step through arrays such as Hosts and Findings and follow the classic For Loop programming language structure {FOR x IN array} and end with the {END-FOR x} statement.

Sample Report Template

Sample Report Download: https://pentest.ws/docx/report_template.docx

Tier Availability

Reporting Templates are available on Hobby Tier and Pro Tier.